
Forescout must off-load log records onto a different system. This is required for compliance with C2C Step 1.


Overview

Finding ID: V-233324
Version: FORE-NC-000160
Rule ID: SV-233324r811397_rule
IA Controls:
Severity: Medium
Description
Having a separate, secure location for log records is essential to the preservation of logs as required by policy.
STIG: Forescout Network Access Control Security Technical Implementation Guide
Date: 2021-12-17

Details

Check Text (C-36519r811396_chk)
If DoD is not at C2C Step 1 or higher, this is not a finding.

1. Go to Tools >> Options >> Syslog.
2. Verify a syslog server's IP address is configured.

If each Forescout device does not offload log records to a separate device, this is a finding.

Fix Text (F-36484r605676_fix)
Configure the Syslog server connection to use TCP, and configure Syslog to alert if connectivity between the Syslog server and the Forescout appliance is lost.

1. Go to Tools >> Options >> Syslog.
2. Click Add/Edit.
3. Configure the Syslog:
- Syslog Server IP address
- Server Port
- Server Protocol set to TCP
- Check the Use TLS setting
- Configure the Identity, Facility, and Severity.
4. Click "Ok".
5. Click "Apply".
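
One way to confirm from another host that the Syslog server named in the fix accepts TCP with TLS, as an added example that is not part of the STIG or of Forescout's tooling. The collector address 192.0.2.10, port 6514, the CA file path, the host name and the app name are constructed placeholders, and RFC 5424 formatting with RFC 5425 octet-count framing is an assumption about what the collector expects.

```python
import socket
import ssl
from datetime import datetime, timezone

def build_rfc5424(facility, severity, hostname, app_name, text, when=None):
    """Return one RFC 5424 syslog message as bytes (no transport framing)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity  # PRI encodes both facility and severity
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    # NILVALUE ("-") for PROCID, MSGID and STRUCTURED-DATA
    return f"<{pri}>1 {stamp} {hostname} {app_name} - - - {text}".encode("utf-8")

def frame_octet_counting(msg):
    """RFC 5425 framing for syslog over TLS: '<byte length> <message>'."""
    return str(len(msg)).encode("ascii") + b" " + msg

def probe_collector(host, port, ca_file, payload, timeout=5.0):
    """Send one framed message over verified TLS; return (ok, detail)."""
    try:
        # Default context verifies the certificate chain and the host name.
        ctx = ssl.create_default_context(cafile=ca_file)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(frame_octet_counting(payload))
                return True, tls.version()
    except OSError as exc:  # covers refused/timeout, TLS and CA file errors
        return False, f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    # Constructed placeholder values; replace with the site's collector.
    COLLECTOR, PORT, CA_FILE = "192.0.2.10", 6514, "/etc/pki/syslog-ca.pem"
    test_msg = build_rfc5424(16, 5, "fs-appliance-01", "stig-probe",
                             "V-233324 syslog offload connectivity test")
    ok, detail = probe_collector(COLLECTOR, PORT, CA_FILE, test_msg)
    print("PASS" if ok else "FAIL", detail)
```

A PASS only shows that the collector completed a verified TLS handshake and accepted the bytes; confirm on the collector that the test message was actually written to its log store.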